Exploit: Phishing attack
Partners in Care: Healthcare provider based in Bend, Oregon
Customers Impacted: Unknown
Risk to Small Business: Severe: A phishing attack compromised an employee’s email account towards the end of 2018, providing hackers with access to patients’ health information between November 17 and December 12. After completing a manual email review, the company concluded that sensitive patient information was exposed during the breach.
Individual Risk: Severe: Although it is unclear how many records were compromised in the breach, hackers were able to access patients’ personal information including names, birth dates, medical records, and social security numbers. Patient records related to diagnosis, medications, and insurance details were also revealed. The organization notified those impacted by the breach and are encouraging them to monitor their account statements for suspicious activity.
How it Could Affect Your Business: Companies managing sensitive healthcare information are expected to have mechanisms in place to protect their patients, so a preventable data breach is particularly egregious. While phishing scams are used to gain access to a company’s IT infrastructure, they can be prevented through training and monitoring tools.
In Other News:
Your Google Chrome extension may be an accomplice to phishing scams
Users of the popular Google Chrome browser could be susceptible to a new phishing scam. Android mobile users running Google Chrome might be familiar with the browser’s aesthetic, user-experience guided method of hiding the address bar when a user scrolls through a website. However, perpetrators of phishing scams are now using this feature to display a fake URL bar that persists when users scroll.
At the same time, the fictitious URL bar can display the credentials of real websites, making users think they are viewing an authentic website. By hiding the original URL bar, users can be easily directed towards malicious third-party sites where users could expose their personal or financial data.
This vulnerability is being exploited to execute effective phishing scams that quickly capture users most sensitive information. Beware!